yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1844664] [NEW] Project Endpoints should account for system scopes

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Vishakha Agarwal <1844664@xxxxxxxxxxxxxxxxxx>
Date: Thu, 19 Sep 2019 12:21:53 -0000
Reply-to: Bug 1844664 <1844664@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Project resources in keystone can be tagged with endpoints. Operations
for managing project endpoints should only be managed by system
administrators and not project-level or domain-level users.

The policies that protect the project endpoints should understand
system-scope [0].

[0]
https://opendev.org/openstack/keystone/src/commit/18e0080af3dcc0a96ff5d98aeb5f517080a35fb2/keystone/common/policies/project_endpoint.py#L19-L66

** Affects: keystone
     Importance: Undecided
     Assignee: Vishakha Agarwal (vishakha.agarwal)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Vishakha Agarwal (vishakha.agarwal)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1844664

Title:
  Project Endpoints should account for system scopes

Status in OpenStack Identity (keystone):
  New

Bug description:
  Project resources in keystone can be tagged with endpoints. Operations
  for managing project endpoints should only be managed by system
  administrators and not project-level or domain-level users.

  The policies that protect the project endpoints should understand
  system-scope [0].

  [0]
  https://opendev.org/openstack/keystone/src/commit/18e0080af3dcc0a96ff5d98aeb5f517080a35fb2/keystone/common/policies/project_endpoint.py#L19-L66

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1844664/+subscriptions

Follow ups

[Bug 1844664] Re: Project Endpoints should account for system scope and default roles
From: OpenStack Infra, 2019-09-20